Role Assignment Precedence for SIP Servlet Roles
Converged Application Server provides several ways to map sip.xml roles to actual roles in the SIP Container during deployment. For declarative and programmatic security defined in sip.xml, the order of precedence for role assignment is:
-
If weblogic.xml assigns a sip.xml role in a
security-role-assignmentelement, thesecurity-role-assignmentis used.Note:
Converged Application Server also requires a role definition in web.xml in order to use a security-role-assignment. See "Important Requirements".
-
If no
security-role-assignmentis available (or if the required web.xml role assignment is missing), implicit role assignment is used.
For run-as role assignment, the order of precedence for role assignment is:
-
If weblogic.xml assigns the sip.xml deployment descriptor's
run-asrole in arun-as-principal-nameelement defined withinservlet-descriptor, therun-as-principal-nameassignment is used.Note:
Converged Application Server also requires a role definition in web.xml in order to assign roles with run-as-principal-name. See "Important Requirements".
-
If weblogic.xml assigns the sip.xml deployment descriptor's
run-asrole in arun-as-role-assignmentelement, therun-as-role-assignmentelement is used.Note:
Converged Application Server also requires a role definition in web.xml in order to assign roles with
run-as-role-assignment. See "Important Requirements". -
If weblogic.xml assigns the sip.xml deployment descriptor's
run-asrole in asecurity-role-assignmentelement, thesecurity-role-assignmentis used.Note:
Converged Application Server also requires a role definition in web.xml in order to use a
security-role-assignment. See "Important Requirements". -
If no
security-role-assignmentis available (or if the required web.xml role assignment is missing), implicit role assignment is used.